/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */


package at.gv.egovernment.moa.id.proxy;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Iterator;
import java.util.Vector;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;

import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLEncoder;



/**
 * Defaultimplementierung von <code>ConnectionBuilder</code>.
 * @author Paul Ivancsics
 * @version $Id$
 */
public class DefaultConnectionBuilder implements ConnectionBuilder {
  
  /** a boolean to disable the HostnameVerification (default = false)*/
  private static boolean cbDisableHostnameVerification = false;

  /**
   * Constructor for DefaultConnectionBuilder.
   * @throws ConfigurationException on any config error
   */
  public DefaultConnectionBuilder() throws ConfigurationException {
	  //INFO: removed from MOA-ID 2.0 config
	  cbDisableHostnameVerification = false;
//    cbDisableHostnameVerification = BoolUtils.valueOf(
//      ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
//        "ProxyComponent.DisableHostnameVerification"));
      //TODO MOA-ID BRZ undocumented feature
    if (cbDisableHostnameVerification)
      Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
  }

  /**
   * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
   */
  public HttpURLConnection buildConnection(
    HttpServletRequest req,
    String publicURLPrefix,
    String realURLPrefix,
    SSLSocketFactory sslSocketFactory,
    Vector parameters)
    throws IOException {

	// Bug [#540]  
    //String requestedURL = req.getRequestURL().toString();
    String requestedURL = escapeUrl(req.getRequestURL().toString());

    // check whether requested URL starts with publicURLPrefix

    //Temporary allow http:// urls instead of the https:// in publicURLPrefix
    //if (req.getSession().getAttribute("authorizationkey")==null) {
    //  if (! requestedURL.startsWith(publicURLPrefix))
    //    throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
    //    "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
    //}
    
    // in case of GET request, append query string to requested URL;
    // otherwise, HttpURLConnection would perform a POST request
    if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
      requestedURL = appendQueryString(requestedURL, parameters);
    }
    // build real URL in online application
    String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
    URL url = new URL(realURLString);
    Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());

    HttpURLConnection conn = (HttpURLConnection)url.openConnection();
    conn.setRequestMethod(req.getMethod());
    conn.setDoInput(true);
    conn.setDoOutput(true);
    //conn.setUseCaches(false);
    //conn.setAllowUserInteraction(true);
    conn.setInstanceFollowRedirects(false);
    
    // JSSE Abhängigkeit
    if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
      HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
      httpsConn.setSSLSocketFactory(sslSocketFactory);
      if (cbDisableHostnameVerification)
      	httpsConn.setHostnameVerifier(new HostnameNonVerifier());
    }

    return conn;
  }
  
  private static String escapeUrl(String unescapedUrlString) throws RuntimeException {
  		try {
  			URL unescapedUrl = new URL(unescapedUrlString);
  			String protocol = unescapedUrl.getProtocol();
  			String fragment = unescapedUrl.getRef();
  			String ssp = unescapedUrlString.substring(protocol.length() + 1, unescapedUrlString.length() - ((fragment == null) ? 0 : fragment.length() + 1));
  			
  			URL url2 = new URI(protocol, ssp, fragment).toURL();
  			return url2.toExternalForm();
  		} catch (MalformedURLException e) {
  			throw new RuntimeException(e);
  		} catch (URISyntaxException e) {
  			throw new RuntimeException(e);
  		}
  	}

  
  /**
   * Disconnects the HttpURLConnection if necessary.
   * The implementation of the Connectionbuilder decides wether 
   * if this should be happen or not.
   *
   * @param conn the HttpURLConnection which is normaly to be closed
   */
  public void disconnect(HttpURLConnection conn) {
  	conn.disconnect();
  }


  /**
   * @param requestedURL
   * @param parameters
   * @return
   */
  private String appendQueryString(String requestedURL, Vector parameters) {
    String newURL = requestedURL;
    String parameter[] = new String[2];
    String paramValue ="";
    String paramName ="";
    String paramString ="";
    for (Iterator iter = parameters.iterator(); iter.hasNext();) {
      try {
      	parameter = (String[]) iter.next();   	
      	//next two lines work not with OWA-SSL-Login-form
        paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
        paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");

      } catch (UnsupportedEncodingException e) {
   		//UTF-8 should be supported
      }
      paramString = "&" + paramName + "=" + paramValue + paramString;
    } 	
    if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
    return newURL;
  }

  /**
     * @author Stefan Knirsch
     * @version $Id$
     * A private class to change the standard HostName verifier to disable the
     * Hostname Verification Check
     */
  
  // JSSE Abhängigkeit
  private class HostnameNonVerifier implements HostnameVerifier {

   public boolean verify(String hostname, SSLSession session) {
      return true;
   }

    /**
     * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
     */
    /*public boolean verify(String arg0, String arg1) {
      return true;
    }*/
  }

}